Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages — sbx-mask and touch-adv — designed to exfiltrate secrets from victims' computers.

The post Sonatype Discovers Two Malicious npm Packages appeared first on Security Boulevard.

Sonatype Security Research Team

Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/03/sonatype-discovers-two-malicious-npm-packages/